coforma / acme-tech-challenge

For Phase 3 of the ACME Tech Challenge

AWS prework #2

Closed malak-coforma closed 2 years ago

malak-coforma commented 2 years ago

Description

Prework to support creation of an AWS environment for the project.

Requirements

Next Steps

Tech notes

Database

Will be answered in #1

Containers

Docker or Kubernetes were given as options, but sounded like most people were leaning towards Docker. If so, creating a Dockerfile would be a part of this.

How are we deploying it?

How do we do security scans?

~Configure WAF <-- needs discussion still~ we de-prioritized the WAF

Extra: Tech Challenge Instructions

Assumptions

The following assumptions should be considered when designing and implementing the Challenge submission:

  1. It is not required that the solution is exclusively based on AWS services. Open-source tools, libraries and technologies can be used.
  2. The scripts, tooling and instructions to instantiate any service to be hosted within the AWS region must be part of the Challenge submission.
  3. For the scope of this challenge, the vendor can configure the AWS environment to have inbound access from and outbound access to the Internet.
  4. For the scope of this challenge, Internet-available repositories can be accessed and used (e.g. operating systems, packages, libraries, containers, etc.).
  5. Consider the highest security standards as if receiving, sending and hosting Personally Identifiable Information and Protected Health Information, even for this Challenge. All system interfaces should be secured appropriately. Note: No PII or PHI shall be included in the submission.
  6. CMS will not purchase or accept a purchased license for any product or service (e.g., domain names, HTTPS certificates, etc.) other than those provided to CMS by AWS. CMS will not accept licenses where using the product or service for this evaluation falls outside acceptable use.
  7. No services that obligate future expenditures (such as reserved instances) are permitted.
  8. For maintainability, the vendor must use Java as a programming language, AWS CloudFormation or Terraform for deploying infrastructure, and OpenAPI for documenting interface contracts.

AWS Installation Requirements

  1. The Quoter's provided solution will be installed and operated in a single AWS provisioned account.
  2. System infrastructure deployment should be done via AWS CloudFormation or Terraform.
  3. Installation, testing, and uninstall scripts from the Quoter will be run from an EC2 T-series instance running Amazon Linux 2.
  4. The Quoter shall provide an IAM policy file that can be applied to the EC2 instance for running all install/test/uninstall scripts.
  5. All resources should be tagged to indicate the Quoter associated with the resource.
  6. The solution must create and deploy to its own Virtual Private Cloud (VPC).
  7. Solutions must choose from FedRAMP approved Cloud services.

malak-coforma commented 2 years ago

Database set up, codebase set up, working on setting up private subnets for local dev. Working on making sure container can connect to db, then will set up ci/cd.

malak-coforma commented 2 years ago

We don't think we'll need nginx.

malak-coforma commented 2 years ago

Security scan: Docker scan on ECR

malak-coforma commented 2 years ago

Don't know that WAF is absolutely necessary for challenge.

malak-coforma commented 2 years ago

We're not doing the WAF.